The Problem
If you’re running a UniFi network with multiple VLANs and trying to use Chromecast devices or Spotify Cast groups, you’ve probably run into this frustrating issue: when connected to your main network, you can only see some devices, and speaker groups don’t appear at all. But when you connect to the same network as your Chromecast devices, everything works perfectly.
This is a common problem with smart home devices spread across different network segments, and it all comes down to how multicast DNS (mDNS) works across VLANs.
My Setup
Here’s the scenario I was working with:
- Main Network (VLAN 10): Where phones, laptops, and primary devices connect
  - Uses Pi-hole for DNS
  - 5GHz WiFi for performance
- IoT Network (VLAN 50): Dedicated network for smart home devices
  - Runs on 2.4GHz for better range and compatibility
  - Uses WPA2 for legacy device support
  - Also uses Pi-hole for DNS (consistent DNS across VLANs)
All Chromecast Audio devices, Google Nest speakers, and other casting devices were on the IoT network, while my phone and laptop were on the main network.
Why This Happens
Chromecast relies heavily on mDNS (multicast DNS) for device discovery. The protocol sends multicast queries and announcements on the local network segment to find devices, and by default that multicast traffic does not cross VLAN boundaries. Even with mDNS enabled globally in UniFi, you need specific firewall rules to allow this traffic between VLANs.
Chromecast groups are especially sensitive because they’re virtual devices that need to:
- Discover all individual Cast devices across the network
- Synchronize playback state
- Maintain persistent connections between devices
Without proper cross-VLAN communication, your casting app can’t see the complete picture.
The Solution
Step 1: Enable mDNS on Both Networks
First, ensure mDNS is properly configured:
In UniFi Controller:
- Go to Settings → Networks
- Edit your Main Network (VLAN 10)
- Under Advanced → IGMP Snooping: Enable
- Under Advanced → Multicast DNS: Enable
- Repeat for your IoT Network (VLAN 50)
Global Settings:
- Go to Settings → System → Advanced
- Enable “Enable multicast DNS”
- Enable “Enable IGMP Snooping”
Step 2: Verify Network Isolation Settings
Make sure your IoT network isn’t blocking necessary traffic:
Settings → Networks → IoT Network
- Ensure “Block LAN to WLAN Multicast and Broadcast” is DISABLED
- Ensure “Isolate Network” is DISABLED
Step 3: Create Firewall Rules
This is the crucial part. You need to create firewall policies that allow specific traffic between your VLANs.
Go to Settings → Security → Firewall
Create the following rules:
Rule 1: Allow mDNS from Main to IoT
- Type: Firewall
- Name: “Allow mDNS to IoT VLAN”
- Source Zone: Network → Main Network (VLAN 10)
- Destination Zone: Network → IoT Network (VLAN 50)
- Protocol: UDP
- Port: Specific → 5353
- Action: Allow
- Schedule: Always
Rule 2: Allow mDNS from IoT to Main
Create the reverse rule:
- Name: “Allow mDNS from IoT VLAN”
- Source Zone: Network → IoT Network (VLAN 50)
- Destination Zone: Network → Main Network (VLAN 10)
- Everything else same as Rule 1
Rule 3: Allow Cast Control Traffic
- Name: “Allow Cast Control to IoT”
- Source Zone: Network → Main Network (VLAN 10)
- Destination Zone: Network → IoT Network (VLAN 50)
- Protocol: TCP
- Port: Specific → 8008,8009,8443
- Action: Allow
- Schedule: Always
Rule 4: Allow Cast Media Streaming
- Name: “Allow Cast Streaming to IoT”
- Source Zone: Network → Main Network (VLAN 10)
- Destination Zone: Network → IoT Network (VLAN 50)
- Protocol: UDP
- Port: Specific → 32768-61000
- Action: Allow
- Schedule: Always
Step 4: Apply and Test
- After creating all rules, wait a moment for them to apply
- If you want to be sure, restart your UniFi gateway
- Connect your phone/device to the main network
- Open Spotify (or Google Home, YouTube, etc.)
- All your Chromecast devices and speaker groups should now be visible!
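If you would rather confirm Step 4 from a terminal than by watching the Spotify app, the following is an added example (my own code, not from the original guide or from Ubiquiti). It sends a one-shot mDNS query for the Cast service from whichever VLAN the machine is on, parses the replies, and can then try a TCP connection to the Cast control port that Rule 3 opens. The device name `Kitchen-abc123`, its host name and the address `192.168.50.21` in `build_sample_response()` are constructed test data, not captured from a real device.

```python
# Added example, not from the original guide: a minimal mDNS client for checking from the main
# VLAN that Cast devices on the IoT VLAN answer discovery and accept TCP on the Cast control port.
import socket
import struct

MDNS_GROUP, MDNS_PORT = "224.0.0.251", 5353
CAST_SERVICE = "_googlecast._tcp.local"
PTR, TXT, SRV, A = 12, 16, 33, 1              # DNS record types used by Cast advertisements

def encode_name(name: str) -> bytes:          # wire format: length-prefixed labels, zero terminator
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"

def build_query(service: str = CAST_SERVICE) -> bytes:      # one PTR question, class IN
    return struct.pack("!HHHHHH", 0, 0, 1, 0, 0, 0) + encode_name(service) + struct.pack("!HH", PTR, 1)

def read_name(pkt: bytes, off: int):          # decode a possibly compressed name -> (name, next offset)
    labels, end, jumped = [], 0, False
    while True:
        n = pkt[off]
        if (n & 0xC0) == 0xC0:                # pointer to an earlier copy of the suffix
            end, jumped = (end if jumped else off + 2), True
            off = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
        elif n == 0:
            return ".".join(labels), (end if jumped else off + 1)
        else:
            labels.append(pkt[off + 1:off + 1 + n].decode())
            off += 1 + n

def parse_response(pkt: bytes) -> list:       # one dict per Cast instance: instance, host, port, addr, txt
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    off, recs = 12, []
    for _ in range(qd):                       # a reply to a one-shot query repeats the question
        off = read_name(pkt, off)[1] + 4
    for _ in range(an + ns + ar):
        name, off = read_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        recs.append((name, rtype, pkt[off + 10:off + 10 + rdlen], off + 10))
        off += 10 + rdlen
    inst = {}
    for name, rtype, _, rdoff in recs:        # PTR answers name the instances
        if rtype == PTR and name == CAST_SERVICE:
            full = read_name(pkt, rdoff)[0]
            inst[full] = {"instance": full, "txt": {}}
    addrs = {n: socket.inet_ntoa(rd) for n, t, rd, _ in recs if t == A}
    for name, rtype, rd, rdoff in recs:
        if name not in inst:
            continue
        if rtype == SRV:                      # target host and the port the casting app connects to
            inst[name]["port"] = struct.unpack("!HHH", rd[:6])[2]
            inst[name]["host"] = read_name(pkt, rdoff + 6)[0]
        elif rtype == TXT:                    # fn= friendly name, md= model, id= device id, ...
            i = 0
            while i < len(rd):
                k, _, v = rd[i + 1:i + 1 + rd[i]].decode().partition("=")
                inst[name]["txt"][k] = v
                i += 1 + rd[i]
    for d in inst.values():
        d["addr"] = addrs.get(d.get("host"))
    return list(inst.values())

def discover(timeout: float = 2.0) -> list:   # query the mDNS group from this VLAN (needs a network)
    found = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(), (MDNS_GROUP, MDNS_PORT))
        try:
            while True:
                found.extend(parse_response(sock.recvfrom(9000)[0]))
        except socket.timeout:
            pass
    return found

def check_cast_port(host: str, port: int = 8009, timeout: float = 2.0) -> bool:
    try:                                      # TCP reachability of the Cast control port (Rule 3)
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def build_sample_response() -> bytes:         # constructed reply for one hypothetical device on VLAN 50
    ptr = lambda o: struct.pack("!H", 0xC000 | o)
    pkt = bytearray(struct.pack("!HHHHHH", 0, 0x8400, 0, 4, 0, 0))   # response flags, 4 answers
    svc = len(pkt)
    pkt += encode_name(CAST_SERVICE)
    instance = b"\x0eKitchen-abc123" + ptr(svc)                        # compressed suffix
    pkt += struct.pack("!HHIH", PTR, 0x8001, 120, len(instance))
    inst = len(pkt)
    pkt += instance
    host = encode_name("kitchen-abc123.local")
    pkt += ptr(inst) + struct.pack("!HHIH", SRV, 0x8001, 120, 6 + len(host)) + struct.pack("!HHH", 0, 0, 8009)
    host_off = len(pkt)
    pkt += host
    txt = b"".join(bytes([len(s)]) + s for s in (b"id=abc123", b"fn=Kitchen speaker", b"md=Chromecast Audio"))
    pkt += ptr(inst) + struct.pack("!HHIH", TXT, 0x8001, 4500, len(txt)) + txt
    pkt += ptr(host_off) + struct.pack("!HHIH", A, 0x8001, 120, 4) + socket.inet_aton("192.168.50.21")
    return bytes(pkt)
```

From a laptop on the main network, `discover()` should list every speaker with its IoT-VLAN address once Rules 1 and 2 are in place, and `check_cast_port(addr)` should return True for each of them once Rule 3 is in place. If `discover()` finds the devices but the port check fails, the mDNS rules are fine and the TCP rule is what needs attention; if nothing is found at all, start with the mDNS settings in Steps 1 and 2. Because the query goes out from an ephemeral port, devices answer it by unicast, which is exactly the kind of cross-VLAN reply the firewall has to permit.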
Understanding the Ports
Here’s what each port/protocol does:
- UDP 5353: mDNS discovery - allows devices to find each other
- TCP 8008: Cast device control - sends commands to devices
- TCP 8009: Cast communication - maintains connection state
- TCP 8443: Secure Cast communication
- UDP 32768-61000: Media streaming - the actual audio/video data
Troubleshooting
If it’s still not working after following these steps:
- Check firewall logs: Settings → Security → Firewall → Activity
  - Look for blocked connections between your VLANs
- Test with a simple setup: Temporarily connect your phone to the IoT network
  - If everything works there, it confirms the firewall rules need adjustment
- Device-specific issues: Some older Chromecast devices can be finicky
  - Try rebooting the Chromecast devices after applying the rules
Alternative Approaches
If you don’t want to open firewall rules between VLANs, consider:
- Single network approach: Put all Cast devices on the same network as your primary devices (less secure for IoT devices)
- Avahi reflector: Run an Avahi daemon on your UniFi gateway to reflect mDNS traffic (more complex setup)
- UniFi’s built-in mDNS repeater: Some newer UniFi firmware versions have improved mDNS handling, but manual firewall rules are still usually needed
Security Considerations
Opening these specific ports between VLANs is relatively safe because:
- You’re only allowing specific protocols (UDP/TCP) on specific ports
- The traffic is limited to Cast-related communication
- You’re not allowing full access between VLANs
- IoT devices still can’t initiate connections to your main network, apart from the mDNS traffic Rule 2 allows on UDP 5353; replies to sessions your main-network devices open are passed by the gateway’s connection tracking, not by any IoT-to-main rule
However, if you want tighter control, you could add rules that limit this traffic to the specific IP addresses of your Cast devices rather than the entire IoT subnet.
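To check those security claims before committing the rules, here is an added example (my own code, not from the original guide or from UniFi) that models the four rules as a stateful, first-match policy and replays the flows a casting session produces. The subnets `192.168.10.0/24` and `192.168.50.0/24`, the host addresses, and the closing drop rule are assumptions; the guide does not state its addressing, and the model assumes, as the Security Considerations section does, that all other inter-VLAN traffic is already dropped. `tighten()` produces the per-device variant suggested in the paragraph above.

```python
# Added example, not from the original guide: the four rules above as a stateful, first-match
# policy, so you can check what each VLAN can initiate before clicking them into UniFi.
# Subnets and addresses are assumptions; like the guide's security section, the model assumes
# that all other inter-VLAN traffic is already dropped.
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network

MAIN = ip_network("192.168.10.0/24")          # assumed addressing for VLAN 10
IOT = ip_network("192.168.50.0/24")           # assumed addressing for VLAN 50
ANY = ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    name: str
    src: IPv4Network
    dst: IPv4Network
    proto: str                                # "tcp", "udp" or "any"
    ports: tuple                              # inclusive destination-port range
    action: str = "allow"

    def matches(self, proto, src, dst, dport) -> bool:
        return (self.proto in ("any", proto) and src in self.src and dst in self.dst
                and self.ports[0] <= dport <= self.ports[1])

GUIDE_RULES = [
    Rule("Allow mDNS to IoT VLAN", MAIN, IOT, "udp", (5353, 5353)),         # Rule 1
    Rule("Allow mDNS from IoT VLAN", IOT, MAIN, "udp", (5353, 5353)),       # Rule 2
    Rule("Allow Cast Control to IoT", MAIN, IOT, "tcp", (8008, 8009)),      # Rule 3, as two ranges
    Rule("Allow Cast Control to IoT", MAIN, IOT, "tcp", (8443, 8443)),
    Rule("Allow Cast Streaming to IoT", MAIN, IOT, "udp", (32768, 61000)),  # Rule 4
    Rule("Drop everything else between VLANs", ANY, ANY, "any", (0, 65535), "drop"),  # assumed
]

class Firewall:
    """First-match evaluation plus connection tracking, the way a stateful gateway behaves."""

    def __init__(self, rules):
        self.rules = rules
        self.flows = set()                    # (proto, src, sport, dst, dport) of accepted flows

    def evaluate(self, proto, src, sport, dst, dport) -> str:
        src, dst = ip_address(src), ip_address(dst)
        if (proto, dst, dport, src, sport) in self.flows:      # reply to an accepted flow
            return "allow (established)"
        for r in self.rules:
            if r.matches(proto, src, dst, dport):
                if r.action == "allow":
                    self.flows.add((proto, src, sport, dst, dport))
                return f"{r.action} ({r.name})"
        return "drop (implicit)"

def iot_initiated(rules) -> list:
    """Allow rules that let an IoT-VLAN host open a new flow toward the main VLAN."""
    return [r.name for r in rules if r.action == "allow" and r.src == IOT and r.dst == MAIN]

def tighten(rules, cast_ips) -> list:
    """The guide's last suggestion: limit main-to-IoT rules to the Cast devices' addresses."""
    out = []
    for r in rules:
        if r.action == "allow" and r.dst == IOT:
            out.extend(Rule(f"{r.name} ({ip})", r.src, ip_network(f"{ip}/32"), r.proto, r.ports) for ip in cast_ips)
        else:
            out.append(r)
    return out

def walkthrough(rules=GUIDE_RULES) -> dict:
    """Replay the flows a casting session needs, plus flows that must stay blocked (hypothetical hosts)."""
    fw = Firewall(rules)
    return {
        "phone one-shot mdns query": fw.evaluate("udp", "192.168.10.20", 51233, "192.168.50.21", 5353),
        "speaker unicast answer":    fw.evaluate("udp", "192.168.50.21", 5353, "192.168.10.20", 51233),
        "speaker mdns announce":     fw.evaluate("udp", "192.168.50.21", 5353, "192.168.10.21", 5353),
        "phone opens 8009":          fw.evaluate("tcp", "192.168.10.20", 51234, "192.168.50.21", 8009),
        "speaker tcp reply":         fw.evaluate("tcp", "192.168.50.21", 8009, "192.168.10.20", 51234),
        "speaker ssh to main":       fw.evaluate("tcp", "192.168.50.21", 40000, "192.168.10.5", 22),
        "phone http to iot":         fw.evaluate("tcp", "192.168.10.20", 51235, "192.168.50.99", 80),
        "other iot 8009":            fw.evaluate("tcp", "192.168.10.20", 51236, "192.168.50.99", 8009),
    }

if __name__ == "__main__":
    for k, v in walkthrough().items():
        print(f"{k:28} {v}")
    print("IoT-initiated paths:", iot_initiated(GUIDE_RULES))
    for k, v in walkthrough(tighten(GUIDE_RULES, ["192.168.50.21"])).items():
        print(f"tightened: {k:28} {v}")
```

Running it shows why both mDNS rules are needed: a speaker's answer to the phone's query rides on the established flow, but its unsolicited announcements (the way groups become visible) are new flows from the IoT side and only Rule 2 admits them. `iot_initiated()` returns just that one rule, which is the precise form of the claim that IoT devices cannot otherwise reach the main network. The tightened rule set still lets the phone reach the speaker on 8009 while any other IoT host on that port is dropped.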
Conclusion
Getting Chromecast and Spotify Cast groups working across VLANs requires a bit of networking knowledge, but it’s totally doable with UniFi’s firewall rules. The key is understanding that mDNS needs explicit permission to cross VLAN boundaries, and Cast devices need several ports open for full functionality.
Once configured, you’ll have the best of both worlds: secure network segmentation for your IoT devices and seamless casting from any device on your network.
This guide was tested with a self-hosted UniFi Network Application 9.5.21 running in Docker on a cloud host, with a UXG-Lite handling DHCP and firewall duties. Your interface may look slightly different depending on your UniFi controller version.